Brianna Poulos
8c7ca368b1
This change adds support for the trusted_image_certificates parameter,
which is used to define a list of trusted certificate IDs that can be
used during image signature verification and certificate validation. The
parameter may contain a list of strings, each string representing the ID
of a trusted certificate. The list is restricted to a maximum of 50 IDs.
The list of certificate IDs will be stored in the trusted_certs field of
the instance InstanceExtra and will be used to verify the validity of
the signing certificate of a signed instance image.
The trusted_image_certificates request parameter can be passed to
the server create and rebuild APIs (if allowed by policy):
* POST /servers
* POST /servers/{server_id}/action (rebuild)
The following policy rules were added to restrict the usage of the
``trusted_image_certificates`` request parameter in the server create
and rebuild APIs:
* os_compute_api:servers:create:trusted_certs
* os_compute_api:servers:rebuild:trusted_certs
The trusted_image_certificates parameter will be in the response
body of the following APIs (not restricted by policy):
* GET /servers/detail
* GET /servers/{server_id}
* PUT /servers/{server_id}
* POST /servers/{server_id}/action (rebuild)
APIImpact
Implements blueprint: nova-validate-certificates
Change-Id: Iedd3fea0e86648fae364f075915555dcb2c4f199
31 lines
750 B
JSON
31 lines
750 B
JSON
{
|
|
"versions": [
|
|
{
|
|
"id": "v2.0",
|
|
"links": [
|
|
{
|
|
"href": "http://openstack.example.com/v2/",
|
|
"rel": "self"
|
|
}
|
|
],
|
|
"status": "SUPPORTED",
|
|
"version": "",
|
|
"min_version": "",
|
|
"updated": "2011-01-21T11:33:21Z"
|
|
},
|
|
{
|
|
"id": "v2.1",
|
|
"links": [
|
|
{
|
|
"href": "http://openstack.example.com/v2.1/",
|
|
"rel": "self"
|
|
}
|
|
],
|
|
"status": "CURRENT",
|
|
"version": "2.63",
|
|
"min_version": "2.1",
|
|
"updated": "2013-07-23T11:33:21Z"
|
|
}
|
|
]
|
|
}
|